Though the deadline for PCI-DSS has long since passed and compliance rates are finally rising steadily across businesses of all sizes, more rules are waiting in the wings. As of June 30, companies will be required to either have their custom applications reviewed for common vulnerabilities by a vendor, or deploy a web application firewall.
This latest requirement, in what is likely to be a long procession of them, means no quick end to the confusion. But new initiatives, such as a scaled-down self-assessment questionnaire customized to a company's size, are trying to simplify the process for businesses. And there are other steps and technologies to consider that can help mitigate compliance pain.
In this section, we take a look at IT security implementations in retail situations.